Personal data from 30 million Facebook accounts stolen

Last month, Facebook reported a security breach that was thought to have compromised between 50 and 90 million accounts. But now there is good news… well, sort of.

Over the weekend, Facebook has proudly confirmed that actually only 30 million users have been affected.

Swathes of private data stolen from 30 million Facebook users

In a statement given to the media by Facebook’s Vice President of Product Management, Guy Rosen, the company confirmed that the breach meant that hackers were able to access the account details of 30 million users.

To most people that seems like a massive number, but it is actually only 1.3% of Facebook’s total users, which makes it quite easy for the social media behemoth to try and brush it under the carpet.

But while it may be a small number to Facebook, the consequences for those affected could be profound. By Facebook’s own admission, the 14 million accounts which have been worst hit saw hackers scrape a huge amount of data.

These include such things as username, gender, location, relationship status, religion, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, people or Pages they follow, and their 15 most recent searches.

The sheer range of personal data stolen could have consequences well beyond Facebook for affected users.

While Facebook promises to reset all affected authentication tokens, this data is likely to give hackers a decent chance of being able to access other online accounts, either by guessing passwords or answering security questions.

Of the other 16 million affected users, there were 1 million who didn’t have any data scraped as far as Facebook are aware, while the remaining 15 million will have lost some, but not all, of the information listed above.

Extent of the damage still not fully known

Facebook also admitted that they still may not know the full extent of the breach, despite it having been discovered more than a month ago. And as if users won’t be worried enough, they also said that it was possible that there could be further ‘smaller-scale attacks’ linked to that initial breach.

This is at least in part because Facebook has realised that this vulnerability has existed since July 2017, but was only spotted in September of this year, meaning hackers could have been exploiting it for more than a year without detection.

There are a couple of rays of light in this whole sorry episode. Facebook has confirmed that they do not believe the breach has affected third-party apps implementing Facebook Login.

And they have also confirmed that third-party Facebook apps like Messenger, Instagram, WhatsApp, Pages, Oculus, and Messenger Kids, have also not been hit by the security breach.

When asked, Facebook confirmed that they would not be spending some of their hard-earned profits on any kind of identity theft monitoring service for affected users. This has become an increasingly common practice in recent years when companies are breached.

That could be because they will have to scrape together all of their free cash to deal with the fines they could face for any affected users in Europe.

Under the new General Data Protection Regulation (GDPR) which came into force across the EU earlier this year, they could face mind-boggling fines if even a small proportion of the 30 million affected users are based in the EU.

What to do if you have been affected

If you want to find out if Facebook has haemorrhaged your private data to hackers, you have to visit the Facebook Help Centre and log into your account.

There are also plans to send customised messages to those users affected, but it is not known when Facebook will get around to this.

This is not the first such security breach to have impacted a large number of Facebook users and it certainly won’t be the last.

And when put together with the recent details of how Facebook has been brazenly selling user data to companies like Cambridge Analytica, it is clear that nothing put onto a Facebook account can be considered secure and private.

If you are no longer using your Facebook account, it is highly recommended that you ensure that the account is completely deleted, and no data remains on Facebook’s servers.

If you are still a user, try to put the minimum amount of personal data onto your account and be sure to regularly check your privacy settings as these are often changed without warning and could lead to the unwanted exposure of private information.

About The Author

David is VPNCompare's News Editor. Anything going on in the privacy world and he's got his eye on it. He's also interested in unblocking sports allowing him to watch his favourite football team wherever he is in the world. Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.